Security Bulletins for Xerox Products (7)

Background
This bulletin announces the availability of the following:
1.Bash Security Patch
The Bash/Shellshock patch for FFPS is now available on the Xerox Download Server (aka DMS). The patch is available on the DMS server for all FFPS Releases v7, v8, and v9. (For FFPS v6 and DocuSP 5, refer to the section below). The patch is not mandatory but will be included in future Security Patch Cluster releases. This patch has no dependency on prior-released Security Patch Clusters.

2.Guide to Using the FFPS Software Update Manager
Customers can download this patch from the Xerox Download Server and install on FFPS using the FFPS Software Update Manager. This feature is included in the FFPS v7, v8, and v9 software releases. Use of the Update Manager requires that the System Administrator has some Unix/Linux/Solaris skills, and experience starting the Command Line (terminal window) tool on the FFPS UI.
The announcement is on the Articles and White Papers page.

Patch Installation for FFPS v6 and DocuSP v5
Because the FFPS Software Update tool is not available for the FFPS v6 and DocuSP v5 products, the patch must be provided by a Xerox CSE or Analyst. Please contact your local Xerox Service representative to request the patch file and if appropriate, schedule an action to have the patch installed. Because this patch is not mandatory and there is very little risk of vulnerability with FFPS, the action should be scheduled at a mutually-convenient time

Background
Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support Contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

FreeFlow Print Server v8
July 2012 Security Patch Cluster (includes Java 6 Update 33 Software)
v1.1
NOTE: This bulletin has been re-issued to update file size and checksum information.
Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

NOTE: We have released a new version of this bulletin to correct file size specifications and checksum information. No other technical information has been changed.

Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Xerox customizes the patch deliveries as appropriate to each FFPS Product family, and tests the CPU patches on each supported SPAR Release prior to delivery. Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.

FreeFlow Print Server
Oracle July 2011 CPU OS and Security Patch Cluster (includes Java 6 Update 26 Software)
Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Xerox customizes the patch deliveries as appropriate to each FFPS Product family, and tests the CPU patches on each supported SPAR Release prior to delivery. Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.